This listing of claims will replace all prior versions, and listings, of claims in the application.
Listing of Claims: 

1. (Currently Amended) A method for providing a secure user interface to a secured
execution environment on a system comprising said secured execution environment and a
second execution environment, comprising the steps of:

accepting user input from a user input device; 

determining, based on said user input, whether said user input is intended for said secured
execution environment; 

if said user input is not intended for said secured execution environment, transferring said 
user input to said second execution environment. 

2. (Original) The method of claim 1, where said step of accepting user input from a 
user input device comprises decrypting said user input. 

3. (Original) The method of claim 1, where said step of accepting user input from a 
user input device comprises establishing a secure communications channel with said user input. 

4. (Original) The method of claim 1, where said step of accepting user input from a 
user input device comprises verifying said user input. 

5. (Original) The method of claim 1, further comprising:

if said user input is intended for said secured execution environment, determining
a specific destination entity in said secured execution environment for said user input; and

transferring said user input to said specific destination entity.

6. (Original) The method of claim 5, where said step of determining a specific
destination entity in said secured execution environment further comprises:

providing window management functionality for managing at least one graphical
user interface element owned by said specific destination entity; and 

determining that said user input relates to said graphical user interface element. 

7. (Original) The method of claim 5, where said step of transferring said user input 
to said specific destination entity comprises: 

interpreting said user input. 

8. (Currently Amended) The method of claim 1, further comprising the steps of:

accepting output from a specific source entity in said secured execution
environment; and

securely transferring said output to an output device. 

9. (Original) The method of claim 8, where said step of securely transferring said 
output to said output device comprises: 

encrypting said output data. 

10. (Original) The method of claim 8, where said step of securely transferring said 
output to said output device comprises: 

transferring said output to a curtained memory.

11. (Currently Amended) A method for providing a secure user interface to a secured
execution environment on a system comprising said secured execution environment and a
second execution environment, comprising the steps of:

accepting output from a specific source entity in said secured execution 
environment; and 

securely transferring said output to an output device. 

12. (Currently Amended) The method of claim 11, where said output contains a data
portion, and where said step of securely transferring said output to said output device comprises:

encrypting said output data portion of said output.

13. (Original) The method of claim 11, where said step of securely transferring said 
output to said output device comprises: 

transferring said output to a curtained memory. 

14. (Currently Amended) A computer-readable storage medium containing computer 
executable instructions to providing a secure user interface to a secured execution environment 
on a system comprising said secured execution environment and a second execution
environment, the computer-executable instructions to perform acts comprising: 

accepting user input from a user input device; 

determining, based on said user input, whether said user input is intended for said secured
execution environment; 

if said user input is not intended for said secured execution environment, transferring said 
user input to said second execution environment. 

15. (Currently Amended) The computer-readable storage medium of claim 14, where
said accepting user input from a user input device comprises decrypting said user input.

16. (Currently Amended) The computer-readable storage medium of claim 14, where
said accepting user input from a user input device comprises establishing a secure
communications channel with said user input.

17. (Currently Amended) The computer-readable storage medium of claim 14, where 
said accepting user input from a user input device comprises verifying said user input. 

18. (Currently Amended) The computer-readable storage medium of claim 14, 
wherein the computer-executable instructions are adapted to perform acts further comprising: 

if said user input is intended for said secured execution environment, determining
a specific destination entity in said secured execution environment for said user input; and

transferring said user input to said specific destination entity.

19. (Currently Amended) The computer-readable storage medium of claim 18, where
said determining a specific destination entity in said secured execution environment further
comprises: 

providing window management functionality for managing at least one graphical
user interface element owned by said specific destination entity; and 

determining that said user input relates to said graphical user interface element. 

20. (Currently Amended) The computer-readable storage medium of claim 18, where 
said transferring said user input to said specific destination entity comprises: 

interpreting said user input. 

21. (Currently Amended) The computer-readable storage medium of claim 14,
wherein the computer-executable instructions are adapted to perform acts further comprising:

accepting output from a specific source entity in said secured execution
environment; and

securely transferring said output to an output device.

DOCKET NO.: 301134.01/MSFT-2817
Application No.: 10/693,407
Office Action Dated: February 16, 2007
PATENT

22. (Currently Amended) The computer-readable storage medium of claim 21, where
said output contains a data portion, and where said securely transferring said output to said
output device comprises:

encrypting said output data portion of said output.

23. (Currently Amended) The computer-readable storage medium of claim 21, where
said securely transferring said output to said output device comprises: 

transferring said output to a curtained memory. 

24. (Currently Amended) A computer-readable storage medium containing computer 
executable instructions to providing a secure user interface to a secured execution environment 
on a system comprising said secured execution environment and a second execution
environment, the computer-executable instructions to perform acts comprising: 

accepting output from a specific source entity in said secured execution 
environment; and 

securely transferring said output to an output device. 

25. (Currently Amended) The computer-readable storage medium of claim 24, where 
said output contains a data portion, and where said step of securely transferring said output to
said output device comprises:

encrypting said output data portion of said output.

26. (Currently Amended) The computer-readable storage medium of claim 24, where 
said step of securely transferring said output to said output device comprises: 

transferring said output to a curtained memory.

27. (Currently Amended) A trusted user interface engine for providing a secure user
interface to a secured execution environment on a system comprising said secured execution
environment and a second execution environment, comprising:

an input trusted service provider accepting user input from a user input device, operably 
connected to said user device; 

a trusted input manager for determining, based on said user input, whether said user input
is intended for said secured execution environment and, if said user input is not intended for said 
secured execution environment, transferring said user input to said second execution 
environment. 

28. (Original) The trusted user interface engine of claim 27, where said input trusted 
service provider decrypts said user input. 

29. (Original) The trusted user interface engine of claim 27, where said input trusted 
service provider establishes a secure communications channel with said user input. 

30. (Original) The trusted user interface engine of claim 27, where said input trusted 
service provider verifies said user input. 

31. (Original) The trusted user interface engine of claim 27, where said trusted input
manager, if said user input is intended for said secured execution environment, determines a
specific destination entity in said secured execution environment for said user input; and where
said trusted input manager further transfers said user input to said specific destination entity.

32. (Original) The trusted user interface engine of claim 31, further comprising:

a trusted window manager that provides window management functionality for 
managing at least one graphical user interface element owned by said specific destination entity; 
and 

where said trusted input manager determines that said user input relates to said 
graphical user interface element. 

33. (Original) The trusted user interface engine of claim 31, where said trusted input
manager interprets said user input for said specific destination entity. 

34. (Original) The trusted user interface engine of claim 27, further comprising: 

a trusted output manager that accepts output from a specific source entity in said
secured execution environment; and that securely transfers said output to an output device. 

35. (Currently Amended) The trusted user interface engine of claim 34, where said
output contains a data portion, and where said trusted output manager encrypts said output data
portion of said output.

36. (Original) The trusted user interface engine of claim 34, where said trusted output 
manager transfers said output to a curtained memory. 

37. (Currently Amended) A trusted user interface engine for providing a secure user 
interface to a secured execution environment on a system comprising said secured execution 
environment and a second execution environment, comprising:

a trusted output manager that accepts output from a specific source entity in said
secured execution environment; and that securely transfers said output to an output device.

38. (Currently Amended) The trusted user interface engine of claim 37, where said
output contains a data portion, and where said trusted output manager encrypts said output data
portion of said output.

39. (Original) The trusted user interface engine of claim 37, where said trusted output 
manager transfers said output to a curtained memory. 

40. (Original) The trusted user interface engine of claim 37, where said trusted output 
manager comprises: 

a trusted rendering interface providing rendering said output from said specific source 
entity; and where said secure transfer is a transfer of said rendered output. 